fix messages

This commit is contained in:
Anton Romanov 2019-11-27 23:36:33 +04:00
parent 4e1d99392a
commit fa03edf32d

View File

@ -29,6 +29,7 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import ru.ulstu.core.model.AuthFailureHandler; import ru.ulstu.core.model.AuthFailureHandler;
import ru.ulstu.core.navigation.Page;
import ru.ulstu.user.model.UserRoleConstants; import ru.ulstu.user.model.UserRoleConstants;
import ru.ulstu.user.service.UserService; import ru.ulstu.user.service.UserService;
@ -76,8 +77,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.csrf() http.csrf().disable();
.disable();
if (applicationProperties.isDevMode()) { if (applicationProperties.isDevMode()) {
log.debug("Security disabled"); log.debug("Security disabled");
http.authorizeRequests() http.authorizeRequests()
@ -92,6 +92,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
.permitAll() .permitAll()
.anyRequest() .anyRequest()
.authenticated() .authenticated()
.antMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
.and() .and()
.formLogin() .formLogin()
.loginPage("/login.xhtml") .loginPage("/login.xhtml")
@ -108,12 +109,12 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
.tokenEndpoint() .tokenEndpoint()
.accessTokenResponseClient(accessTokenResponseClient()) .accessTokenResponseClient(accessTokenResponseClient())
.and() .and()
.defaultSuccessUrl("/index.xhtml") .defaultSuccessUrl(Page.INDEX)
.failureUrl("/loginFailure") .failureUrl("/loginFailure")
.and() .and()
.logout() .logout()
.logoutSuccessHandler(logoutSuccessHandler) .logoutSuccessHandler(logoutSuccessHandler)
.logoutSuccessUrl(Constants.LOGOUT_URL) .logoutSuccessUrl(Page.LOGOUT)
.invalidateHttpSession(true) .invalidateHttpSession(true)
.clearAuthentication(true) .clearAuthentication(true)
.deleteCookies(Constants.COOKIES_NAME) .deleteCookies(Constants.COOKIES_NAME)
@ -191,79 +192,4 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
throw new BeanInitializationException("Security configuration failed", e); throw new BeanInitializationException("Security configuration failed", e);
} }
} }
/* @Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable();
if (applicationProperties.isDevMode()) {
log.debug("Security disabled");
http.authorizeRequests()
.anyRequest()
.permitAll();
http.anonymous()
.principal("admin")
.authorities(UserRoleConstants.ADMIN);
} else {
log.debug("Security enabled");
http.authorizeRequests()
.antMatchers(UserController.ACTIVATE_URL).permitAll()
.antMatchers(Constants.PASSWORD_RESET_REQUEST_PAGE).permitAll()
.antMatchers(Constants.PASSWORD_RESET_PAGE).permitAll()
.antMatchers("/users/block").permitAll()
.antMatchers(UserController.URL + UserController.REGISTER_URL).permitAll()
.antMatchers(UserController.URL + UserController.ACTIVATE_URL).permitAll()
.antMatchers(UserController.URL + UserController.PASSWORD_RESET_REQUEST_URL).permitAll()
.antMatchers(UserController.URL + UserController.PASSWORD_RESET_URL).permitAll()
.antMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.xhtml")
.successHandler(authenticationSuccessHandler)
.failureHandler(authenticationFailureHandler)
.permitAll()
.and()
.logout()
.logoutSuccessHandler(logoutSuccessHandler)
.logoutSuccessUrl(Constants.LOGOUT_URL)
.invalidateHttpSession(false)
.clearAuthentication(true)
.deleteCookies(Constants.COOKIES_NAME)
.permitAll();
}
if (applicationProperties.isUseHttps()) {
http.portMapper()
.http(httpPort)
.mapsTo(httpsPort)
.and()
.requiresChannel()
.anyRequest()
.requiresSecure();
}
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers("/css/**")
.antMatchers("/javax.faces.resource/**")
.antMatchers("/js/**")
.antMatchers("/templates/**")
.antMatchers("/webjars/**")
.antMatchers("/img/**");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
if (applicationProperties.isDevMode()) {
return;
}
try {
auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
} catch (Exception e) {
throw new BeanInitializationException("Security configuration failed", e);
}
}*/
} }